Hi Guys!
I'l have a question: anyone try to use
GrSec/PaX/SSP/ExecShield/PIE protection?
is this possible? can be any problems with whis (kernel build,
package compiling and using etc)?
proactive security ?
3 posts
• Page 1 of 1
proactive security ?
by pumpkins » Fri Apr 07, 2006 7:31 am
- pumpkins
- Posts: 1
- Joined: Fri Apr 07, 2006 7:29 am
by JLO » Fri Apr 07, 2006 7:27 pm
Alright, I'm kinda glad you brought that up. I'm wanting to remove pax from the grsecurity patch (I would like to keep the other features), and try this patch out on a 2.4.32 kernel:
http://aslp.kavefish.net/
http://aslp.kavefish.net/
- JLO
- Posts: 12
- Joined: Wed Aug 18, 2004 10:23 am
Re: proactive security ?
by tosh » Tue Apr 11, 2006 8:00 am
pumpkins wrote:I'l have a question: anyone try to use
GrSec/PaX/SSP/ExecShield/PIE protection?
is this possible? can be any problems with whis (kernel build,
package compiling and using etc)?
I am using GrSec/PaX/SSP/PIE.
ExecShield is similar to PaX so mixing both may not work or even dosn't make sense.
To get randomization of executables in kernel 2.6 you should use PIE if i am correct PaX don't do that in 2.6 kernels any more (kernel does it by itself).
SSP helps preventing return to glibc atacks which GrSec/PaX cannot stop so it is a good fulfit.
- tosh
- Posts: 19
- Joined: Mon Apr 10, 2006 9:13 pm
3 posts
• Page 1 of 1